Understanding Business Continuity and Disaster Recovery RTO & RPO

If you’ve heard anything about business continuity and disaster recovery (BC/DR) then you’ve certainly heard the terms RTO and RPO thrown around. But what do these two words actually mean? Should you be more concerned with one over the other or are they equally important? Let’s dive into this and explore what RTO and RPO mean and how they each affect your business in a BC/DR situation.

Recovery Time Objective (RTO)

In his book Enterprise Security Architecture: A Guide to Infosec Management, Rassoul Ghaznavi-Zadeh defines RTO as:

The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.

Put more simply, RTO is the maximum amount of downtime your business can tolerate for any system or application. Ask yourself, “How long can this be down before it causes a major disruption to my business?”

Recovery Point Objective (RPO)

Rassoul Ghaznavi-Zadeh defines RPO as:

Recovery Point Objective (RPO) describes the interval of time that might pass during a disruption before the quantity of data lost during that period exceeds the business continuity plan’s maximum allowable threshold or “tolerance.”

Again we can simplify this and say that RPO is the maximum age of files that can be restored to resume the normal operation of your business. For RPO ask yourself, “How old can the data used to restore this system be for business to proceed normally?”

Now that you understand how RTO and RPO affect your business, checkout or free ROI calculator here, then contact us so we can help you get started down the path to a secure, robust, and reliable business continuity strategy.